Yahoo To Pay $50M For Massive Security Breach

Yahoo has said it will pay $50 million in damages and provide free credit-monitoring services to millions of Americans and Israelis following a data breach beginning in 2013 that led to as many as 3 billion accounts being compromised by hackers.

Yahoo agreed to the restitution as part of a court settlement filed Monday that still awaits the approval of a federal judge.

The case stems from the largest data breach in the history of computing, in which 3 billion Yahoo accounts representing about 200 million people were compromised by hackers, some of whom were linked to Russia by the U.S.

The breach, which occurred in 2013 and 2014 but was not disclosed until December 2016, involved the names, emails, addresses, dates of birth and phone numbers of affected customers.

Yahoo, which is now overseen by Verizon subsidiary Oath, has maintained that passwords, credit card numbers and bank account information was not among the stolen information.

In April, the Securities and Exchange Commission (SEC) fined the company $35 million for failing to properly notify customers and investors in a timely fashion about the data breach.

“Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors,” the SEC said at the time.

Eligible Yahoo account holders who suffered losses from the security breach and have documentation could ask for up to 15 hours of lost time, or $375.

The free credit monitoring service’s value was pegged at about $359 for two years, though the settlement didn’t disclose how much Yahoo said it would pay to provide the coverage.

A hearing over the preliminary settlement is scheduled for federal court in California on Nov. 29.